dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
7
share rss forum feed


chrisretusn
Retired
Premium
join:2007-08-13
Philippines
kudos:1
Reviews:
·PLDT
·Comcast
reply to Cartel

Re: Canada and the US Government hacked by China

Hackers linked to China’s government broke into one of the U.S. government’s most sensitive computer networks, breaching a system used by the White House Military Office for nuclear commands, according to defense and intelligence officials familiar with the incident.

I don't buy it.
--
Chris
Living in Paradise!!


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

A law enforcement official who works with members of the White House Military Office confirmed the Chinese attack to FoxNews.com on Monday, but it remains unclear what information, if any, was taken or left behind.

"This [White House Communications Agency] guy opened an email he wasn't supposed to open," the source said.

That email contained a spear phishing attack from a computer server in China, the law enforcement source told FoxNews.com. The attack was first reported by the conservative blog Free Beacon. Spear phishing involves the use of messages disguised to appear as valid; in fact, they contain targeted, malicious attempts to access sensitive or confidential information.

By opening the email, which likely contained a link to a malicious site or some form of attachment, the agency member allowed the Chinese hacker to access a system, explained Anup Ghosh, founder and CEO of security company Invincea.

"The attack originated in the form of a spear phish, which involves a spoofed inbound email with either a link to a malicious website or a weaponized document attachment such as a .pdf, Microsoft Excel file or Word document," he told FoxNews.com.

Free Beacon claimed that the U.S. government’s most sensitive networks were breached in the incident, which took place early last month.

“One official said the cyberbreach was one of Beijing’s most brazen cyberattacks against the United States,” the report said.

The law enforcement source told FoxNews.com he was notified of the successful phishing incident but did not know what information was actually accessed. A White House official downplayed that report, saying that the system involved was not a sensitive nuclear system, and no evidence indicated that information was actually taken.

»www.foxnews.com/tech/2012/10/01/···omputer/
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
spear phish?


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

reply to chrisretusn
said by chrisretusn:

I don't buy it.

Well China owns a large part of the US plus it wouldn't surprise me to find that much of the gear in the WH was manufactured in China.

I'm not so quick to dismiss the story.
--
Don't feed trolls--it only makes them grow!


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to AVD

List of phishing techniques
Phishing
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
Spear Phishing
Phishing attempts directed at specific individuals or companies have been termed spearphishing.[33] Attackers may gather personal information about their target to increase their probability of success.
Clone Phishing
A type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or Link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a re-send of the original or an updated version to the original.
This technique could be used to pivot (indirectly) from a previously infected machine and gain a foothold on another machine, by exploiting the social trust associated with the inferred connection due to both parties receiving the original email.
Whaling
Several recent phishing attacks have been directed specifically at senior executives and other high profile targets within businesses, and the term whaling has been coined for these kinds of attacks.[34]

Anti-phishing

There are several different techniques to combat phishing, including legislation and technology created specifically to protect against phishing. Most new internet browsers come with anti-phishing software.[1]
[edit]Social responses
One strategy for combating phishing is to train people to recognize phishing attempts, and to deal with them. Education can be effective, especially where training provides direct feedback.[59] One newer phishing tactic, which uses phishing e-mails targeted at a specific company, known as spear phishing, has been harnessed to train individuals at various locations, including United States Military Academy at West Point, NY. In a June 2004 experiment with spear phishing, 80% of 500 West Point cadets who were sent a fake e-mail from a non-existent Col. Robert Melville at West Point, were tricked into clicking on a link that would supposedly take them to a page where they would enter personal information. (The page informed them that they had been lured.)[60]

»en.wikipedia.org/wiki/Phishing
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


chrisretusn
Retired
Premium
join:2007-08-13
Philippines
kudos:1
Reviews:
·PLDT
·Comcast
reply to StuartMW
I am not dismissing the story. I don't buy the part in the quote to whit:

Hackers linked to Chinas government broke into one of the U.S. governments most sensitive computer networks, breaching a system used by the White House Military Office for nuclear commands, according to defense and intelligence officials familiar with the incident.
This at best is a huge exaggeration. I very much doubt that a "most" sensitive computer network used for nuclear commands was breached. Perhaps a secretaries computer in a related office might have been breached. I say this because such systems are normally "air-gapped" or isolated from other lower classed systems. I also do not place much credence on "according to defense and intelligence officials familiar with the incident." To me it nothing but sensationalism, to get you to read more, especially since that is the article lead in first paragraph.
--
Chris
Living in Paradise!!


KodiacZiller
Premium
join:2008-09-04
73368
kudos:2
said by chrisretusn:

I am not dismissing the story. I don't buy the part in the quote to whit:

Hackers linked to Chinas government broke into one of the U.S. governments most sensitive computer networks, breaching a system used by the White House Military Office for nuclear commands, according to defense and intelligence officials familiar with the incident.
This at best is a huge exaggeration. I very much doubt that a "most" sensitive computer network used for nuclear commands was breached.

I concur. It is extremely doubtful such a system is setup as being accessible from the public Internet. As you said it sounds like some ignorant secretary running Doze opened a malicious .PDF from a spear phishing email.
--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1

1 recommendation

said by KodiacZiller:

said by chrisretusn:

I am not dismissing the story. I don't buy the part in the quote to whit:

Hackers linked to Chinas government broke into one of the U.S. governments most sensitive computer networks, breaching a system used by the White House Military Office for nuclear commands, according to defense and intelligence officials familiar with the incident.
This at best is a huge exaggeration. I very much doubt that a "most" sensitive computer network used for nuclear commands was breached.

I concur. It is extremely doubtful such a system is setup as being accessible from the public Internet. As you said it sounds like some ignorant secretary running Doze opened a malicious .PDF from a spear phishing email.

social engineering can close any gap.
--
--Standard disclaimers apply.--


KodiacZiller
Premium
join:2008-09-04
73368
kudos:2
said by AVD:

said by KodiacZiller:

said by chrisretusn:

I am not dismissing the story. I don't buy the part in the quote to whit:

Hackers linked to Chinas government broke into one of the U.S. governments most sensitive computer networks, breaching a system used by the White House Military Office for nuclear commands, according to defense and intelligence officials familiar with the incident.
This at best is a huge exaggeration. I very much doubt that a "most" sensitive computer network used for nuclear commands was breached.

I concur. It is extremely doubtful such a system is setup as being accessible from the public Internet. As you said it sounds like some ignorant secretary running Doze opened a malicious .PDF from a spear phishing email.

social engineering can close any gap.

If the sensitive systems are not on the Internet, then social engineering via e-mail wont work.
--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
said by KodiacZiller:

If the sensitive systems are not on the Internet, then social engineering via e-mail wont work.

wrong.
--
--Standard disclaimers apply.--